Slashdot Mirror
What Happens To Your Files When a Cloud Service Shuts Down?
MrSeb writes "Megaupload's shutdown poses an interesting question: What happens to all the files that were stored on the servers? XDA-Developers, for example, has more than 200,000 links to Megaupload — and this morning, they're all broken, with very little hope of them returning. What happens if a similar service, like Dropbox, gets shut down — either through bankruptcy, or federal take-down? Will you be given a chance to download your files, or helped to migrate them to another similar service? What about data stored on enterprise services like Azure or AWS — are they more safe?"
And if you're interested, the full indictment against Megaupload is now available.
As a point, the government will be using all files hosted on those servers as evidence in the case. They will not likely, and are not required to, give access to those files.
...if the answer is "backup"?
Good question, but it's not really an issue for Dropbox as that service maintains full local copies on each of the computers I have on my account.
If you can afford to lose the data, it's fine to have it in the cloud.
If you can't, you are SOL if you don't have a backup - one that is not in the cloud.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
The foolishness that is millions of users trusting a single giant computing grid owned by a single private corporation was stupid in the first place.
it is everyone putting their eggs in the same giant basket
ranging from policy changes to mergers/takeovers/acquisitions to bankruptcies to government intervention - whatever you can imagine. its a single point of failure and your important stuff is gone.
moreover, these cloud stuff are utilized for making collaboration tools work. so if cloud is gone, there goes your entire communication in between your team, company, clients, workgroup, whatever.
its strategically stupid. run your own cloud if you want. dont put your stuff on another company's turf. its dangerous.
Read radical news here
I've always wondered what happens to Pokemon in a trainers' computer when the trainer dies/quits/etc. I imagine the same would happen to megaupload files. Like the pokemon lost in a nonphysical oblivion for all eternity, these files will endure an endless torture of nothingness.
Has Megaupload been found guilty of anything? If not, why has their site been shut down? If copyright laws apply to the internet, then why doesn't due process?
If what I just said sounded like a troll, it was probably just a failed attempt at humor.
Your files will glow in golden sunlight when the cloud dissipates... =)
It sounds hauntingly familiar to what happens when a DRM licensing server goes down. (And also due to a company folding/retiring the service.)
Clearly, we need a magical, distributed, self-healing data storage system. I think I've heard of one or two of these (can anyone provide links, if they exist?) but I guess they haven't been popular enough to be remembered. (And I'm not talking about mere P2P; I'm thinking something more like distributed, redundant storage with the structural resilience of BitCoin.)
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
I don't even trust GMail to keep my e-mail store forever, but download them to my own copy of Thunderbird each day. GMail is probably not going away any time soon, but what would I do if for some reason they shut down my account? Customer service for issues like this at Google isn't exactly stellar. If you don't have your own backups of what you have in the cloud, you are asking for trouble.
There is nothing magic about the "Cloud". From a practical perspective it is little more than a remote hard drive. A cloud provider going away is very much like a hard drive failing.
But once the SOPA-esque laws and treaties become The Way That Things Are (tm) - and unless things change drastically, they eventually will - and once the Great Consolidation has run its course - what choice will there be?
Check your premises.
It goes away. Hope you had a backup.
If you're lucky, the cloud provider may provide you with a one-time access to your account, but isn't it far safer to assume that if your cloud provider goes down, you've lost everything you put in? Not just data, either - if you've prepaid your account, you probably lost all that stored value as well.
Cloud storage providers especially. What happens if your hard drive dies? You lose the data. What happens if your backup tapes fail - you've lost the backup. What happens if your dropbox/skydrive/etc. disappear? You've lost your files.
All those XDA Developer links? Gone. hope the original authors are still around to upload them elsewhere or that someone downloaded it and can upload it.
Cloud providers make us lazy - we think "it'll always be around and I can grab it later". Turns out later can disappear - perhaps temporary (e.g., your or their internet connection dies), or permanently. But it's really just the same as storing files locally - there's a chance the storage may fail.
The possibility that a cloud service can go offline quite suddenly should be a major factor in your decision whether to use the service at all, and the extent to which you'll rely on it. The customer agreement for Amazon Web Services is better than I might expect because it says they will notify you if the service goes dark, but that might be small comfort if you are not prepared for a sudden migration.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
I would not be in the least bit surprised if a class action suit against the government (or something of that nature) was launched from all those who had legitimate files on Megaupload. Imagine if the USG shut down Youtube when it was first starting up. But truthfully, we are as a society held to the laws we make. To quote a lawyer once while I was in court, "If people don't like the laws, they should change them."
What are you smoking? First, you can't sue the government (easily). Second, the ones to sue are the people running Megaupload. If you had a valid contract with them to give them money so they store your data, then it was _their_ duty to ensure your data is safe. One part of their duty is to not commit illegal activities that gets them closed down.
Is a case against some Dell folks for massive insider trading scam.
Wanna take a whild guess as to who gets more jail time?
So rise up, all ye lost ones, as one, we'll claw the clouds.
Well, the summary specifically references a developer's forum where I can sympathize (being a developer) with people modding Android ROMs or whatever and uploading such binaries for distribution to others. I guess the people who run the forum don't really get a say in any of this. However, as a software developer, I can imagine a third option for files that are user generated (and for the most part legal).
... perhaps a hash of the date, checksum and filename? It would then maintain a key-value pair of these megaupload links to your internal URIs and also a directory structure of these URIs as the files. Now, say megaupload is a very unreliable/questionable service or goes down and now your forum is worthless. Well, you can always re-spider your site and replace all the megaupload links with links to your cloud hosting of these new files or work out a deal with another third party similar to megaupload where they would accept the file and URI and return to you the URI paired with their new URL. Then it's a matter of spidering your site and replacing the megaupload links with your new service's URLs.
Now XDA-Developers is going to have tens of thousands of once helpful posts that now lead to a broken link. How could they have avoided this? Well, I'd imagine that someone could have written an internal bot for their forums that would harvest links to the external megaupload. They then could have subscribed to megaupload, downloaded said linked files and created a local cache of their files purely for their own use on a small RAID. Now the last thing the bot would need to do is take the megaupload URL and develop some unique URI
It's a pain in the ass but let's face it, some forums could perish when their codependence on megaupload is fully realized in a very painful manner. And I don't think that's a fair risk to the users who have created hundreds of thousands of posts.
My work here is dung.
...for a client, I'm not going to fool them into believing its any more secure than offsite copies in C level officer's homes or other safe location with physical access. In fact, given what happened with Megaupload, I'm not sure I could, in good conscience, convince a customer that cloud computing is secure for them.
i am so very tired....
Prime example evidence #1 of how SOPA breaks the cloud.
A single complaint that a cloud service has a copyright file can result in a takedown of the entire cloud. Stranding all clients of that cloud.
Thanks to the government and their extra-judicial processes, they have broken the notion of internet provided services.
No it's not, you luddite. If I upload a file into the cloud, the file now exists in two places. I have it, and the cloud has it, and now maybe other people have it too. It is exactly the opposite of everything putting their eggs in one basket. It is more like magically multiplying your single egg among many baskets, so that any basket which disappears still leaves you with a bunch of eggs in a bunch of baskets, with plenty of eggs for everyone.
If I'm wrong, then you will kindly point out how now nobody can pirate movies anymore, because the only copy (the only egg) of those movies existed on Megaupload (the only basket).
Those emails are pretty damning, especially the ones specifying payments to users for providing illegal content. To paraphrase: "User X has 10 great, DVD ripped copies of some popular movies, let's send him a check for five grand." If anything, though, this is proof that the existing law is working as intended and we really don't need any additional bills to go through to crack down on piracy.
Occasionally living proof of the Ballmer peak.
Today, millions of people understood why technical staff always had reservation about "cloud-based" solutions.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
One part of their duty is to not commit illegal activities that gets them closed down.
At this point, it has not been demonstrated whether Megaupload has committed any illegal activities (remember the presumption of innocence and all that). The problem is that it's not unfathomable for an entity to be taken down in this fashion regardless of whether they actually commited any crime; especially if SOPA/PIPA or any similar legislation ever gets passed.
should work out pretty well. Just upload your content to as many "cloud" services as possible and each one can pay for itself if your content is worth anything. If one provider goes away, the rest will take up the slack. Use magnet links.
From the site:
WE DON'T HAVE ANY DOMAIN NAME FOR NOW
ONLY THIS IP ADDRESS (http://109.236.83.66) BEWARE TO THE PISHING SITES!
This is the NEW MEGAUPLOAD SITE! we are working to be back full again
Bookmark the site and share the new address in facebook and twitter!
But apparently if you go to the site, you will be used as part of a DDoS attack?
http://gawker.com/5877707/the-evil-new-tactic-behind-anonymous-massive-revenge-attack
It had to be said: obligatory xkcd reference.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
If you're using file storage/replication services as a backup, then you have the originals. The point of a backup is that you can lose either of the copies and still have another. That's relevant whether it's the original that goes up in flames, or the backup.
If you're these services as the sole-source for storage, then you're doing it just as wrongly as if you used a single local storage device, or else the data isn't important enough to worry about losing.
https://www.eff.org/https-everywhere
"The Cloud" is for dopes. Period. If you stored mission- or life-critical data in "The Cloud", then you get what you deserve.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
I've been watching the hype over cloud-this and cloud-that for several years with an increasingly cynical eye. Perhaps this incident will help convince a few others to look pass the trendy buzzwords and actually THINK about what can happen. For example:
1. Drives seized, eventually end up for sale to the public, random people now own your data.
2. Cloud provider hacked, dangerous random people now own your data.
3. Drives seized, feds download all your data and start going through it to see if they can make a case against you. (Oh, you don't think they can? Keep in mind the words of Cardinal Richelieu: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.")
4. Drives seized, someone decides to make a few extra bucks selling your data to your competitors. Or spammers. Or phishers.
5. Drives seized, someone graciously decides to let you "have your data back", but what you get back is not what you think it is -- it's been quietly, carefully modified. Maybe your research statistics have been subtly corrupted; maybe there's malware in it; maybe it's missing a few key pieces here and there.
When you use a cloud provider, all you've got is your best hope. And "hope" is not a valid security strategy.
First Rule of Cloud Computing Use: Never upload anything to the cloud you wouldn't want the entire world to see.
Are you going to get this data back? Of course not. The servers have been seized by the government because they were used for criminal activities. They're not going to take the time to go through everyone's files to find the good ones and give them back.
They're going to count up the number of items that look like copyrighted content (7 billion copyrighted photographs, 28 million ripped DVDs, etc.), come up with a multiplier for each type ($5,000 for each photo, $15 million for each DVD, etc.) and then tell the judge the copyright infringement at Megaupload was so massive, the value of the damages is greater than the amount of U.S. debt held by China.
Second Rule of Cloud Computing Use: Never assume that you have any guarantee of access to anything in the cloud.
Keep in mind that the Rules of Cloud Computing Use are a necessary because of the Three Laws of Cloud Computing:
Having read through the complaint, the accusations are chilling. The complaint basically describes any service that derives a profit from user-uploaded content and makes the leap that the site is responsible for all content uploaded by users. In this case, the site may very well have known that the vast majority of content was being uploaded by users with no rights to the content, but almost everything that's claimed could be claimed of services where that isn't the case. If this sets a precedent for sites being criminally liable for content uploaded by users, there are many, many online services with much more legitimate intentions that could be affected.
There's also other nonsensical claims in the complaint that make it scary for those trying to play by the rules. For one, they claim that by not providing search functionality to aid copyright holders in identifying their content, the service was promoting piracy rather than the claimed use as a personal backup service. To me, a global search to help identify files that aren't yours seems like it would aid in piracy, not help it. Any functionality that helps copyright holders find their content will also help those that are looking to download it illegally. Also, unbelievably enough, the evidence against them includes a tool they created for copyright holders to claim files were copyrighted and remove them from the system. I'm still trying to wrap my head around how trying to help copyright holders protect their content can be evidence of conspiring to violate copyright.
Losing access to your data is only one of the points to be made here.
There's also the question of the government having access to your information. With one blanket warrant (the website), the government now has access to all the files of all users, whether infringing or not.
This is roughly akin to the government getting a search warrant for a bank, and rooting around in all the safety deposit boxes.
Another question relates to the security of the data.
As I understand it, MegaUpload allows users to choose who has access to their data. If your data was valuable, what happens if that value is lost due to the feds losing control over it?
Does the government guarantee the safety of the data? Can the government be sued if your trade secrets mysteriously find their way to the hands of your competitors? Or to China?
Indicting the owners of MegaUpload is one thing, but every way you look at it the seizure of the data is an infringement of people's rights.
What Happens To Your Files When a Cloud Service Shuts Down?
They're toast.
That was the easiest "Ask Slashdot" ever. What's the next question?
No, really. That's all there is to say about it. Everything else either follows from there, is trivially obvious, or is pure speculation, ranting, off-topic or trolling.
Assorted stuff I do sometimes: Lemuria.org
Check out the plates on some of these:
2005 Mercedes-Benz CLK DTM, VIN WDB2093422F165517, LicensePlate No. “GOOD”;69.
2004 Mercedes-Benz CLK DTM AMG 5.5L Kompressor, VINWDB2093422F166073, License Plate No. “EVIL”;70.
2010 Mercedes-Benz S65 AMG L, VIN WDD2211792A324354, LicensePlate No. “CEO”;7071.
2008 Rolls-Royce Phantom Drop Head Coupe, VINSCA2D68096UH07049; License Plate No. “GOD”;72.
2010 Mercedes-Benz E63 AMG, VIN WDD2120772A103834, LicensePlate No. “STONED”;73.
2010 Mini Cooper S Coupe, VIN WMWZG32000TZ03651, License PlateNo. “V”;74.
2010 Mercedes-Benz ML63 AMG, VIN
WDC1641772A608055, LicensePlate No. “GUILTY”;75.
2007 Mercedes-Benz CL65 AMG, VIN WDD2163792A025130, LicensePlate No. “KIMCOM”;76.
2009 Mercedes-Benz ML63 AMG, VIN WDC1641772A542449,LicensePlate No. “MAFIA”;77.
2010 Toyota Vellfire, VIN 7AT0H65MX11041670, License Plate Nos.“WOW” or “7”;78.
2011 Mercedes-Benz G55 AMG, VIN WDB4632702X193395, LicensePlate Nos. “POLICE” or “GDS672”;79.
2011 Toyota Hilux, VIN MR0FZ29G001599926, License PlateNo. “FSN455”;80.
Harley Davidson Motorcycle, VIN 1HD1HPH3XBC803936, LicensePlate No. “36YED”;81.
2010 Mercedes-Benz CL63 AMG, VIN WDD2163742A026653, LicensePlate No. “HACKER”;82.
2005 Mercedes-Benz A170, VIN WDD1690322J184595, License PlateNo. “FUR252”;83.
2005 Mercedes-Benz ML500, VIN WDC1641752A026107, License PlateNo. DFF816;84.
Fiberglass sculpture, imported from the United Kingdom with EntryNo. 83023712;85.
1957 Cadillac El Dorado, VIN 5770137596;86.
2010 Sea-Doo GTX Jet Ski, VIN YDV03103E010;87.
1959 Cadillac Series 62 Convertible, VIN 59F115669;88.
Von Dutch Kustom Motor Bike, VIN 1H9S14955BB451257;89.
2006 Mercedes-Benz CLK DTM, VIN WDB2094421T067269;90.
2010 Mini Cooper S Coupe, VIN WMWZG32000TZ03648 LicensePlate No. “T”;7191.
1989 Lamborghini LM002, VIN ZA9LU45AXKLA12158, License PlateNo. “FRP358”;92.
2011 Mercedes-Benz ML63, VIN 4JGBB7HB0BA666219;
You thought your content was safe. You lost. You thought your content was secure. You lost. You thought your content couldn't be seen or decrypted by third parties. Odds are, you lost there too.
I wish I had more sympathy, but "the cloud" still looks like a sucker's game pushed by government-corporations as a way to acquire, monitor and control digital content for economic and political purposes. Think anything else and you're just being a gullible fool. Sorry, but that's the real world you see in those broken links today.
Please do not read this sig. Thank you.
welcome to the future.
For every benefit you receive a tax is levied. - Ralph Waldo Emerson
What happened to people and businesses when their banks went belly up before the FDIC?
The answer wasn't pretty.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This raises an interesting issue. Since this appears a criminal investigation, related parties are unlikely to easily gain access to the materials. For example, in a drug seizure context, the government basically assumes 'too bad' or complicity for related parties/owners (think seizure of an auto or house allegedly implicated in drug crimes). Understandably, technologists see a significant distinction. Unfortunately, the law lags 5-10 years behind reality so while these issues are obvious to most technologists, these issues might not even be comprehensible to some in the legal community. That said, when you are dealing with 1) data servers (often remotely hosted), 2) massive amounts of data potentially unrelated to the criminal investigation, 3) potentially easily segregated, electronic, data silos (in other words, each user has its own dedicated, protected area), and 4) a collective environment, the analogy to auto seizures seems to obviously break-down (more like the seizure of an entire 500 unit apartment building because someone sold crack in #203). Thus, one would presume the affected parties (assuming no complicity--which the government probably will argue is uncertain) would need to challenge the seizures in a court with jurisdiction--which raises its own complexities and costs (plus predicate issues of standing to sue). But, note, there is perhaps another serious issue here related to additional liability. When the servers are seized, the current astounding breadth of government review of the materials seized might implicate others in crimes. The situations is a not-unexpected conundrum (for some of us), and one that you probably won't find featured in your shiny, cloud-computing-will-save-the-world marketing brochures.
The lost is real if all the copies of a piece of work disappear. The lost is imaginary/trivial if more copies exists somewhere else. For some files in Megaupload there are no known copies.
MOD THE CHILD UP!
The actual answer is (as always) to have backups of anything you feel is important.
Ironically, the specialist on-line back-up services seem to be among the worst offenders in terms of guarantees.
For example, we looked into this a few months ago, and one huge and very well known back-up service had Ts & Cs that seemed to say (quite clearly, IIRC) that if they decided to close down the service for any reason then they would have no obligation in terms of granting customers data access beyond letting you download what you could over the next 3 days. On a fully saturated leased line, with no-one else hitting their servers at the same time, you still couldn't download the volume of data that even their entry-level business packages supported within that time frame! And clearly in practice not everyone has a handy leased line available and it is highly unlikely that the back-up service's servers would stand up to their entire customer base trying to do that at once. They normally offer other ways to retrieve your data en masse if necessary, such as posting it on discs for a small fee, but those options all stop as soon as they announce the closure. Basically, they offer a back-up service that can disappear at any time without giving you a chance to retrieve everything, so better hope your office doesn't burn down around the time they decide to do that, then.
We didn't take out a contract. We did notice that while the above was the worst case of not really providing the advertised service at all, several of the other big name specialist off-site back-up services didn't seem to be much better. None of them actually promised to take steps such that even if they had to shut down at short notice for any reason there was a always a credible plan in place to get your data back to you.
One of my colleagues made a strong case that we should use something like encrypted files uploaded to AWS if we wanted cloud back-ups, for the simple reason that Amazon make most of their money elsewhere but rely on AWS themselves as well, which with their scale means it is inconceivable that the service would be shut off with the loss of data before we had chance to retrieve it. In the end, we decided (as we have with most other cloud services) that the whole idea didn't live up to the hype, and we opted to lease a dedicated server housed in someone else's data centre and we basically just do an automatic rsync from our normal servers to the back-up with suitable levels of encryption applied throughout.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.